# Filters added to this controller apply to all controllers in the application.
# Likewise, all the methods added will be available for all controllers.

class ApplicationController < ActionController::Base
  helper :all # include all helpers, all the time

  # See ActionController::RequestForgeryProtection for details
  # Uncomment the :secret if you're not using the cookie session store
  protect_from_forgery # :secret => 'ea88bc3837c1500f9cab4ff4b6dc6c78'


  def setup                    ##rk: is this the right way to do this?
    if (session)
      x = session[:user_id]
      @user = Submitter.find(x)
      @user_name = @user ? @user.name : nil
    end
  end

# The following code is based on Agile Web Development with Rails - original copyright:
# Excerpted from "Agile Web Development with Rails, 2nd Ed.",
# published by The Pragmatic Bookshelf.
# Copyrights apply to this code. It may not be used to create training material, 
# courses, books, articles, and the like. Contact us if you are in doubt.
# We make no guarantees that this code is fit for any purpose. 
# Visit http://www.pragmaticprogrammer.com/titles/rails2 for more book information.
#--------------------------------------------------------------------------------

  def authorize
    unless session[:user_id]
	    flash[:notice] = "Please login"
	    redirect_to(:controller => "administration", :action => "login")
    end
  end

  # Display the login form and wait for user to
  # enter a name and password. We then validate
  # these, adding the user object to the session
  # if they authorize. 
  def core_login()
    if request.get?
      session[:user_id] = nil
      user = Submitter.new
    else
      # Find the user they gave (by name alone)
      user = Submitter.new(params[:user])
      # Have that user object verify their <username, password>
      logged_in_user = user.try_to_login

      if logged_in_user
        session[:user_id] = logged_in_user.id
        redirect_to(:action => :index, :controller => :events_submitters)
      else
        flash[:notice] = "Invalid user/password combination"
      end
    end
  end
  
  def core_logout()
    session[:user_id] = nil
    flash[:notice] = "Logged out"
    redirect_to(:action => "login")
  end
# END based on Agile Web Development with Rails
#--------------------------------------------------------------------------------
end

# vi:ts=2:et:sw=2
